PSD2, a European Union regulation, enforces a number of regulations on the Financial sector, including the necessity of banks to provide open banking services. Arkéa has been involved in open banking for several years by providing white label banking services and saw PSD2 as an opportunity to extend their open banking features. To further their open banking offerings, they needed to deploy 10-15 additional APIs to accelerate the digitization of their bank. While PSD2 made up only a small percentage of new services (10-15 APIs) in development, they are also developing internally core banking services and orchestration services. These new services would need to be exposed via APIs that needed to be designed, developed, managed, and governed.

The most successful APIs follow the API Design-First Principle. One of the central principles of API Design-First is defining a clear business objective, and balancing that objective with the technical goals. Arkéa’s API engineering teams are made up of approximately 150 employees distributed across a large organization. To facilitate collaboration within individual teams and across their organization, they required a tool that would enable their product manager by providing with collaborative tooling, access to the developing process, and an easy to understand GUI.

Arkéa needed a method for promoting Design-First principles within their organization to maintain consistent, well designed APIs. A single source of truth with collaborative features between non-technical and technical staff was paramount to achieving first-class API design.

Financial institutions require a high degree of security to protect the sensitive data they handle on a daily basis. Arkéa needed a solution that would ensure that data could not be exposed under any circumstance, provided SAML support, and that their data was hosted in Europe. An on-prem deployment was of critical importance for maintaining the high level of security that Arkéa required.

To rapidly accelerate the development of APIs required to meet PSD2 regulations and expose Open Banking services, Arkéa looked to the Stoplight platform. Stoplight provided a single source of truth and an intuitive editor that accelerated development and cut down on costs.

API Design-First principles require non-technical stakeholders to be involved in the API Design process to ensure that APIs meet business objectives and not just technical goals. Stoplight helped Arkéa’s non-technical stakeholders be involved in the design process by providing a single-source-of-truth where engineers and product owners could collaborate on designs. The visual editor allowed product owners an easy method for understanding the API specifications in development. The single-source-of-truth paired with robust collaborative tooling also helped promote API Design-First culturally by providing a clear workflow for all the pertinent stakeholders that emphasized participation.

“This is why a graphical tool like Stoplight was a good opportunity — perhaps the only one — to involve them in the design of [our] API. We recommend co-designing with a product owner and a developer. The developer should know a bit about REST and Swagger in order to drive the product owner and let him focus on his job — the business. On the other hand, the developer must be accompanied by a business user because he doesn’t know all about the tricky parts of the business. It’s particularly true in the financial domain, for example, with all the legislation and specific business rules. So, it was the real first reason to go for Stoplight.”

Nicolas Tisserand, API Architect at Arkéa group

“By using Stoplight, we are enforcing Product Owners to be clear on what they want. They must take part in the design process and this is done through Stoplight. Moreover, we have now a real Swagger with relevant comments. Not generated ones,” he said.

Arkéa started to see immediate results when it came to on-boarding new engineers or assisting other engineers due to Stoplight’s simplicity and WYSIWYG editors. Instead of having to teach all stakeholders the Swagger spec, they held Stoplight training sessions that assisted in rapidly on-boarding technical and non-technical stakeholders.

“My team is only composed of architects. Our role is to provide support to other teams of the company. We help them through individual assistance on projects and with training sessions in which we teach how to use Stoplight and our API gateway. We also speak about REST, governance and strategy. These training sessions are dedicated to developers AND product owners and managers.”

Nicolas Tisserand, API Architect at Arkéa group

“If I had to quote just one advantage, it would be the WYSIWYG-like design capabilities of Stoplight. For us, it’s difficult to drive Product Owners or business people to design an API. It’s an important change in their day-to-day job. A visual editor like Stoplight is the first step to access the API world.”

Stoplight provided an on-premise solution that maintained their high level of security by bringing Stoplight within their firewall. To simplify and expedite the on-boarding process, Stoplight migrated all their users from our hosted solution and integrated with their SAML identity.

Arkéa utilized the design-first approach to enable native contract testing based on their OAS specification. Moreover, they have been able to integrate their contract test directly into their delivery pipeline. This enabled them to design not only better quality APIs, but also automated testing which in turn decreased time to delivery.